# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openvpn
pkgver=2.6.12
pkgrel=1
pkgdesc="Robust, and highly configurable VPN (Virtual Private Network)"
url="https://openvpn.net/"
arch="all"
license="GPL-2.0-only WITH openvpn-openssl-exception"
subpackages="$pkgname-doc $pkgname-dev $pkgname-openrc $pkgname-auth-pam:pam"
depends="iproute2-minimal"  # needs just /sbin/ip
depends_dev="openssl-dev" # openvpn-plugin.h includes openssl/x509.h
makedepends="
	$depends_dev
	libcap-ng-dev
	linux-headers
	linux-pam-dev
	lz4-dev
	lzo-dev
	"
checkdepends="cmocka-dev"
install="$pkgname.pre-install"
source="https://build.openvpn.net/downloads/releases/openvpn-$pkgver.tar.gz
	openvpn.initd
	openvpn.confd
	openvpn.up
	openvpn.down
	"

# secfixes:
#   2.6.11-r0:
#     - CVE-2024-5594
#     - CVE-2024-28882
#   2.6.7-r0:
#     - CVE-2023-46849
#     - CVE-2023-46850
#   2.5.6-r0:
#     - CVE-2022-0547
#   2.5.2-r0:
#     - CVE-2020-15078
#   2.4.9-r0:
#     - CVE-2020-11810
#   2.4.6-r0:
#     - CVE-2018-9336
#   0:
#     - CVE-2020-7224
#     - CVE-2020-27569
#     - CVE-2024-4877

build() {
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--mandir=/usr/share/man \
		--sysconfdir=/etc/openvpn \
		--enable-iproute2 \
		--enable-x509-alt-username
	make
}

check() {
	make check
}

package() {
	make DESTDIR="$pkgdir" install

	install -D -m644 doc/openvpn.8 "$pkgdir"/usr/share/man/man8/openvpn.8

	# install samples
	mkdir -p "$pkgdir"/usr/share/doc/$pkgname/samples
	cp -a sample/sample-* "$pkgdir"/usr/share/doc/$pkgname/samples
	install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING

	# install init.d and conf.d
	install -Dm755 "$srcdir"/openvpn.initd "$pkgdir"/etc/init.d/openvpn
	install -Dm644 "$srcdir"/openvpn.confd "$pkgdir"/etc/conf.d/openvpn

	# install up and down scripts
	install -Dm755 "$srcdir"/openvpn.up "$pkgdir"/etc/openvpn/up.sh
	install -Dm755 "$srcdir"/openvpn.down "$pkgdir"/etc/openvpn/down.sh
}

pam() {
	pkgdesc="OpenVPN plugin for PAM authentication"
	mkdir -p "$subpkgdir"/usr/lib/openvpn/plugins
	mv "$pkgdir"/usr/lib/openvpn/plugins/*-auth-pam* \
		"$subpkgdir"/usr/lib/openvpn/plugins/
}

sha512sums="
92f548186d9375d6ae47b1387dd191241b8a45aed82294523b3771bdd5e699b94265e1a3bbf3ef2638da0d54c19c783f54c456cbd755c846849bf67913cad6db  openvpn-2.6.12.tar.gz
42eda00f64727e6a1c3c74a02a5e99f34bd1361935fef8f807f16515e553ae644d3b054f40e8a352138db646aa3553e3f4ce6f5c10354191bef745ff99245f46  openvpn.initd
1f14d4bd7a4a026c276af048ce647501c15358c6b0d184e95c49be5b8184188c8edafb76ed94835cdbb314187ee3b5b3ccd852e3a47add0599814c402309bece  openvpn.confd
b8fd9d9d1cdfc70c38f3678de4bea760133c8f5fdc46dec9b41c8eb68d0299802379d77a25cea2e78d04b1af9accf7563d4b1022caef30f49d9ae7f1084eb828  openvpn.up
a9c57fe58042554746b002424f39c6aa31d755aeaca1ec31bbcaa96fe53a1deae6947ae0d70a71c4e303391a5170c7dbc7f579b3fa6834fddfd8fc519c1a3c62  openvpn.down
"
